Powerbox for Gtk 1.15

Powerbox for Gtk is a patch to Gtk which replaces its GtkFileChooserDialog.

Powerbox is a normal file chooser dialog box, except that it dynamically grants the application the right to access the file that the user picks.

This helps provide security because the application can be run without needing access to all the user's files: it receives only the files the user picks. Powerbox for Gtk patches Gtk to replace GtkFileChooserDialog with a powerbox.

It is based on Plash, which provides a restricted execution environment on Linux.

What's New in This Release:

Add gtk-powerbox.c: an LD_PRELOADed patch to Gtk to replace the GtkFileChooserDialog interface so that it calls Plash's powerbox.
Rename "plash" executable to "pola-shell".
fs-operations.c: Add log method. Add an "end" log message when the fs_op object is dropped.
make.sh: Add "-Wl,-z,relro" when linking ld.so. Fixes obscure problem when dlopen()ing libraries that might require an executable stack.
Intercept getsockname() so that it returns the correct pathname for Unix domain sockets. Extended the g_fds array in libc so that it can contain these pathnames. It is now an array of "struct libc_fd"s, rather than an array of "cap_t"s. libc-fds.h: New file. libc-misc.c: Introduced fds_resize(), fds_slot_clear(). Changed open(), close(), dup2(), etc. libc-connect.c: Add getsockname() and change connect() and bind().
Reason: I discovered that gconfd2 (or possibly Orbit) was relying on getsockname() returning the pathname that it earlier passed to bind(). This meant that Gnumeric was unable to spawn a gconf process itself, and it produced loads of errors.
fs-operations.c, libc-misc.c: Fixed fstat() to return the correct information on directory FDs. Added the fsop_dir_fstat method to implement this.
build-fs-dynamic.c: Implement link() and rename() methods. This is needed for when GNOME and KDE apps hard link files inside $HOME.
filesysobj-real.c: Changes to allow rename and hard link calls of the form rename("dir/foo1", "dir/foo2") to work.
The problem: The real_dir_rename and real_dir_link methods only work in the same-directory case; their test was a pointer comparison on real_dir objects. However, resolving a directory pathname like "dir" always returns a new real_dir object. This meant that the rename() call wouldn't work when you use full pathnames.
This was causing some failures, e.g. Konqueror wouldn't start: some code relied on creating "$HOME/.ICEauthority-l" as a hard link to "$HOME/.ICEauthority-c".
The partial solution: Change the same-directory check to compare inode and device number of directory, after trying a pointer comparison.

Last updated on: December 13th, 2005, 22:01 GMT
License type: LGPL (GNU Lesser General Public License)
Developed by: Mark Seaborn